note vim-gnupg

This commit is contained in:
Malin Freeborn 2024-04-07 18:20:42 +02:00
parent 09f3afa35b
commit 531cb8da3d
Signed by: andonome
GPG Key ID: 52295D2377F4D70F
3 changed files with 154 additions and 138 deletions

View File

@ -1,142 +1,7 @@
--- ---
title: "gpg" title: "gpg"
tags: [ "Documentation", "data" ] tags: [ "Documentation", "data", "GPG" ]
--- ---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
or
```bash
gpg --export -a person@email.tld > my_key.pub
```
- [Setup](gpg/basics.md)
- [Extras](gpg/extras.md)

141
data/gpg/basics.md Normal file
View File

@ -0,0 +1,141 @@
---
title: "GPG Basics"
tags: [ "Documentation", "data", "GPG" ]
---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
Alternatively:
```bash
gpg --export -a person@email.tld > my_key.pub
```

10
data/gpg/extras.md Normal file
View File

@ -0,0 +1,10 @@
---
title: "gpg"
tags: [ "Documentation", "vim", "data", "GPG" ]
---
The `vim-gnupg` plugin lets vim edit gpg-encrypted files as if they were unencrypted.
It's probably in your package manager.
If not, you'll need to endure the faff of following the [instructions](http://www.vim.org/scripts/script.php?script_id=3645).